1 files changed, 46 insertions, 0 deletions

diff --git a/nis-Fix-leak-on-realloc-failure-in-nis_getnames-BZ-2.patch b/nis-Fix-leak-on-realloc-failure-in-nis_getnames-BZ-2.patch
new file mode 100644
index 0000000..b72b474
--- /dev/null
+++ b/nis-Fix-leak-on-realloc-failure-in-nis_getnames-BZ-2.patch
@@ -0,0 +1,46 @@
+From 60698263122b7c54ded3f70a466176e17a529480 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 28 Jul 2021 14:23:32 -0400
+Subject: [PATCH] nis: Fix leak on realloc failure in nis_getnames [BZ #28150]
+
+If pos >= count but realloc fails, tmp will not have been placed in
+getnames[pos] yet, and so will not be freed in free_null.  Detected
+by Coverity.
+
+Also remove misleading comment from nis_getnames(), since it actually
+did properly release getnames when out of memory.
+
+Tested-by: Carlos O'Donell <carlos@redhat.com>
+---
+ nis/nis_subr.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/nis/nis_subr.c b/nis/nis_subr.c
+index dd0e300..6784fc3 100644
+--- a/nis/nis_subr.c
++++ b/nis/nis_subr.c
+@@ -103,9 +103,6 @@ count_dots (const_nis_name str)
+   return count;
+ }
+ 
+-/* If we run out of memory, we don't give already allocated memory
+-   free. The overhead for bringing getnames back in a safe state to
+-   free it is to big. */
+ nis_name *
+ nis_getnames (const_nis_name name)
+ {
+@@ -271,7 +268,10 @@ nis_getnames (const_nis_name name)
+ 	      nis_name *newp = realloc (getnames,
+ 					(count + 1) * sizeof (char *));
+ 	      if (__glibc_unlikely (newp == NULL))
+-		goto free_null;
++		{
++		  free (tmp);
++		  goto free_null;
++		}
+ 	      getnames = newp;
+ 	    }
+ 	  getnames[pos] = tmp;
+-- 
+1.8.3.1
+